General

  • Target

    3ee783c204048897f91ce19e6ec58f85a6f2fd1f10bb1f06c3fcc1b6ae6f9b5b

  • Size

    2.9MB

  • Sample

    241030-19xgzascrf

  • MD5

    5f872bf66a9e456c70f7ee4fa6b53e4c

  • SHA1

    b1671863784faf70581dbfe7567341dc5bf8f304

  • SHA256

    3ee783c204048897f91ce19e6ec58f85a6f2fd1f10bb1f06c3fcc1b6ae6f9b5b

  • SHA512

    3306d0938d1226d893b0e6db11b3a16ce183e71604c559b0c2dd42b60d062fac66cea810b32abcc8fd5b0ac2b85f832433baa732fa728b928da862aa5f16edc9

  • SSDEEP

    24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHm:7v97AXmw4gxeOw46fUbNecCCFbNecF

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks